Many types of services are provided using web-based servers and applications. For example, a provider of a service may set up a web site that is accessible through the Internet using an Internet browser. As another example, a computer application or device application may be provided by a service provider to access provider services, and may rely for its operation upon interactions with a network-based server.
In order to protect systems from unauthorized use, network-based services often ask each user to provide a username and corresponding password before allowing access to the services. Systems such as this that rely on single-factor authentication can be susceptible to attack by malicious entities who impersonate legitimate users. For example, passwords can sometimes be guessed or derived from information known about a legitimate user.